From 5d58ae790418a197c01acf0fdfb429d00e9305e0 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Sun, 3 Dec 2023 22:41:59 +0100
Subject: [PATCH] remove bindmounts

---
 hosts/fw.cloonar.com/modules/firewall.nix |  3 +++
 hosts/fw.cloonar.com/modules/gitea.nix    | 12 ++++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index 0c06e9a..46d2728 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -130,6 +130,9 @@
         }
 
         table ip nat {
+          chain post {
+            iifname { "vb-*" } oifname { "server" } 10.42.97.1 comment "from internal interfaces"
+          }
           chain prerouting {
             type nat hook prerouting priority filter; policy accept;
           }
diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix
index 9845276..480cf7a 100644
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -110,12 +110,12 @@ in
         isReadOnly = false;
       };
     };
-    bindMounts = {
-      "/var/lib/acme/gitea/" = {
-        hostPath = "${security.acme.certs.${domain}.directory}";
-        isReadOnly = true;
-      };
-    };
+    # bindMounts = {
+    #   "/var/lib/acme/gitea/" = {
+    #     hostPath = "${security.acme.certs.${domain}.directory}";
+    #     isReadOnly = true;
+    #   };
+    # };
     config = { lib, config, pkgs, ... }: {
       networking = {
         hostName = "gitea";